I have a virus that runs a fake anti-virus program!

terminator

New Member
OK, a friend told me to get HijackThis and save a log file, so here it is.

The fake program is called "virus suit" and it keeps asking me to activate it, saying there are infected files like wuaclt.exe. I am unable to access the internet; it just redirects to a screen saying "this page might harm your computer! do you want to activate your anti virus software now?" I am also unable to run/open programs, except for programs that automatically start when I turn the comp on. I did find a way to semi-stop the virus so I could install HijackThis: when I turn my comp on, the virus takes about 10 seconds to start up, and during that time I can open the Task Manager, and when the fake anti-virus starts up I can end it.

I don't have anything to back up my files, so I would really like to just delete it.

I don't currently have any anti-virus software on the infected comp (expired), but I do have an extra copy of AVG that I bought for my newer comp; I should be able to use that...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:25 PM, on 8/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Bregedabenudaj] rundll32.exe "C:\WINDOWS\icakawas.dll",Startup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [henotcjd] C:\Documents and Settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Uledeyesoguf] rundll32.exe "C:\WINDOWS\batigac.dll",Startup
O4 - HKCU\..\Run: [henotcjd] C:\Documents and Settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264636152046
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10816 bytes
 
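To make the loading points in the log above easier to pick out, here is an added triage script (example code written for this page, not part of HijackThis, ComboFix, or anything posted in this thread). It runs over lines copied from the HijackThis log above and flags the entries a helper would look at first: the proxy pointing at 127.0.0.1:6522 (which would explain the redirect the poster describes), rundll32 entries loading DLLs sitting directly in C:\WINDOWS, executables started from Local Settings\Application Data, one Run name registered in both HKLM and HKCU, and orphaned entries with no file. The rules are heuristics chosen for this example, not HijackThis's own classification.

```python
"""Triage helper for HijackThis-style log lines (example code for this page).

The rules below are heuristics picked for this thread's log; they are not
HijackThis's own verdicts. A hit means "look at this first", not "malware".
"""
import re
from collections import defaultdict

# Subset of lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bregedabenudaj] rundll32.exe "C:\WINDOWS\icakawas.dll",Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [henotcjd] C:\Documents and Settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
O4 - HKCU\..\Run: [Uledeyesoguf] rundll32.exe "C:\WINDOWS\batigac.dll",Startup
O4 - HKCU\..\Run: [henotcjd] C:\Documents and Settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
"""

# O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# R1 ... ProxyServer = http=host:port
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (.*)$")
# rundll32[.exe] "path\to\lib.dll",Entry  -> capture the DLL path
RUNDLL_RE = re.compile(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+\.dll)')


def parse_o4(line):
    """Split an O4 Run entry into hive, value name and command, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    return {"hive": m.group(1), "name": m.group(2), "cmd": m.group(3)}


def triage(text):
    """Return a list of (rule, evidence) findings for the given log text."""
    findings = []
    hives_by_name = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A proxy on the loopback address sits between the browser and every
        # site; this is how a fake AV can replace pages with its own warning.
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
            findings.append(("local-proxy", line))
            continue
        # Registered component whose file no longer exists: leftover to clean.
        if line.endswith("(no file)"):
            findings.append(("orphan-entry", line))
            continue
        o4 = parse_o4(line)
        if not o4:
            continue
        hives_by_name[o4["name"]].add(o4["hive"])
        dll = RUNDLL_RE.search(o4["cmd"])
        # Legitimate rundll32 entries (e.g. NvCpl.dll) load from system32;
        # a DLL dropped straight into C:\WINDOWS with a random name is not.
        if dll and dll.group(1).lower().rsplit("\\", 1)[0] == r"c:\windows":
            findings.append(("rundll32-windows-root", line))
        elif "\\local settings\\application data\\" in o4["cmd"].lower():
            findings.append(("run-from-local-appdata", line))
    # The same value name in both HKLM and HKCU is a common persistence
    # pattern: removing one copy leaves the other to restart the program.
    for name, hives in hives_by_name.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(("duplicate-hklm-hkcu", name))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"[{rule}] {evidence}")
```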
You will need to download the following program onto a USB flash drive, transfer it to the infected computer, boot into safe mode and run it. However, when saving the file, save it as combo-fix, not combofix.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it is being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Running great! I'm going to install AVG after I post this... thanks a bunch!

Log from ComboFix:
ComboFix 10-08-12.03 - riesiecups 08/13/2010 14:59:12.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.786 [GMT -4:00]
Running from: c:\documents and settings\riesiecups\Desktop\Combo-fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\riesiecups\Application Data\inst.exe
c:\documents and settings\riesiecups\Local Settings\Application Data\{C187A671-1DF7-4CCC-8455-40FB5C2D5CB0}
c:\documents and settings\riesiecups\Local Settings\Application Data\{C187A671-1DF7-4CCC-8455-40FB5C2D5CB0}\chrome.manifest
c:\documents and settings\riesiecups\Local Settings\Application Data\{C187A671-1DF7-4CCC-8455-40FB5C2D5CB0}\chrome\content\_cfg.js
c:\documents and settings\riesiecups\Local Settings\Application Data\{C187A671-1DF7-4CCC-8455-40FB5C2D5CB0}\chrome\content\overlay.xul
c:\documents and settings\riesiecups\Local Settings\Application Data\{C187A671-1DF7-4CCC-8455-40FB5C2D5CB0}\install.rdf
c:\documents and settings\riesiecups\Local Settings\Application Data\hgcyhmfuf
c:\documents and settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\Thumbs.db
c:\windows\abirijeg.dll
c:\windows\asavigulus.dll
c:\windows\batigac.dll
c:\windows\desktop
c:\windows\desktop\Hooked on Phonics Learn to Read.lnk
c:\windows\esexudumosed.dll
c:\windows\ewemogoyineba.dll
c:\windows\icakawas.dll
c:\windows\ododejem.dll
c:\windows\system32\Thumbs.db
c:\windows\umokuyase.dll
c:\windows\usexatab.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 18:54 . 2009-08-19 09:08 306 ----a-w- c:\windows\myClean.bat
2010-08-12 22:03 . 2010-08-12 22:03 -------- d-----w- c:\program files\Trend Micro
2010-08-11 23:57 . 2010-08-12 00:10 -------- d-----w- c:\program files\GarrysMod
2010-08-11 23:57 . 2010-08-11 23:57 -------- d-----w- c:\windows\Garrysmod - NOSTEAM - FuzeRip
2010-08-11 02:23 . 2010-08-11 02:23 388232 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-08-11 02:23 . 2010-08-11 02:29 478344 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-08-11 02:22 . 2010-08-11 02:23 187528 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-08-11 02:22 . 2010-08-11 02:22 57344 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-08-11 02:22 . 2010-08-11 02:22 887448 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-08-11 02:22 . 2010-08-11 02:22 2600072 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-08-10 23:29 . 2010-08-10 23:29 -------- d-----w- c:\documents and settings\riesiecups\Application Data\id Software
2010-08-10 23:28 . 2010-08-10 23:28 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-10 23:28 . 2010-08-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-08-10 15:07 . 2010-07-06 17:58 1328504 ----a-w- c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-10 15:07 . 2010-07-06 17:58 724992 ----a-w- c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-09 03:44 . 2010-08-09 03:44 -------- d-----w- c:\documents and settings\riesiecups\Application Data\NVIDIA
2010-08-09 01:28 . 2010-08-09 01:28 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-08-09 01:22 . 2010-08-09 01:22 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-09 00:29 . 2010-08-09 01:22 -------- d-----w- c:\program files\Mass Effect 2
2010-08-08 18:47 . 2010-08-08 18:47 33982 ----a-r- c:\documents and settings\riesiecups\Application Data\Microsoft\Installer\{8EE72D39-DE32-4069-9E72-C1974546EFDD}\runescape.exe
2010-08-08 18:47 . 2010-08-08 18:47 -------- d-----w- c:\documents and settings\riesiecups\Local Settings\Application Data\jagexlauncher
2010-08-05 15:21 . 2010-08-06 20:32 -------- d-----w- c:\program files\REACTOR
2010-08-04 16:11 . 2010-08-04 16:11 -------- d-----w- c:\program files\Capcom
2010-08-03 00:20 . 2010-08-03 00:20 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Disney Interactive Studios
2010-08-03 00:06 . 2010-08-03 00:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-02 15:31 . 2010-08-02 15:31 629896 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-08-02 15:24 . 2010-08-02 15:24 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\documents and settings\riesiecups\Application Data\IconTweaker
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\program files\IconTweaker
2010-08-02 03:18 . 2010-08-02 03:36 -------- d-----w- c:\program files\iColorFolder
2010-07-18 22:38 . 2010-08-12 02:01 2853 ----a-w- c:\windows\Rjonov.dat
2010-07-18 22:38 . 2010-08-11 16:26 0 ----a-w- c:\windows\Ykuvijiwaw.bin
2010-07-18 22:37 . 2010-07-18 22:37 47616 ---ha-w- c:\windows\system32\atmanmgr.dll
2010-07-14 20:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 18:36 . 2010-01-28 01:58 39584 ----a-w- c:\documents and settings\riesiecups\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 23:09 . 2010-05-12 01:52 -------- d-----w- c:\program files\Steam
2010-08-12 23:08 . 2010-01-29 03:23 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Xfire
2010-08-12 02:06 . 2010-05-01 20:30 -------- d-----w- c:\program files\uTorrent
2010-08-12 02:04 . 2010-05-01 20:29 -------- d-----w- c:\documents and settings\riesiecups\Application Data\uTorrent
2010-08-11 20:17 . 2010-05-26 00:19 -------- d-----w- c:\documents and settings\riesiecups\Application Data\TS3Client
2010-08-11 19:58 . 2010-05-26 00:07 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-10 23:29 . 2010-01-28 00:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\documents and settings\riesiecups\Application Data\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\documents and settings\riesiecups\Application Data\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-10 15:39 . 2010-02-20 03:40 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-09 02:06 . 2010-05-04 23:59 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-09 01:28 . 2010-01-27 23:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-07 01:28 . 2010-02-17 18:49 99 ----a-w- c:\documents and settings\riesiecups\jagex_runescape_preferences2.dat
2010-08-07 00:26 . 2010-02-17 18:47 46 ----a-w- c:\documents and settings\riesiecups\jagex_runescape_preferences.dat
2010-08-06 21:03 . 2010-01-28 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 20:33 . 2010-08-06 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2010-08-06 19:53 . 2010-01-27 23:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-06 19:51 . 2010-06-15 19:02 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-06 19:51 . 2010-06-15 19:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-06 19:51 . 2010-06-15 19:02 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-06 19:27 . 2010-08-06 19:27 -------- d-----w- c:\program files\ijji
2010-08-05 14:51 . 2010-06-22 21:24 -------- d-----w- c:\program files\Electronic Arts
2010-08-04 21:17 . 2010-02-19 20:54 -------- d-----w- c:\documents and settings\riesiecups\Application Data\LimeWire
2010-08-04 20:48 . 2010-06-06 19:27 -------- d-----w- c:\documents and settings\riesiecups\Application Data\High Quality Youtube Downloader
2010-08-02 18:02 . 2010-06-06 19:30 -------- d-----w- c:\program files\Youtube Downloader HD
2010-08-02 18:02 . 2010-06-21 14:04 -------- d-----w- c:\program files\Atrinsic
2010-08-02 17:23 . 2003-03-31 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-30 02:08 . 2010-01-29 03:23 -------- d-----w- c:\program files\Xfire
2010-07-18 01:59 . 2010-05-17 03:40 -------- d-----w- c:\program files\DoremiSoft
2010-07-18 01:58 . 2010-04-21 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-07-10 21:17 . 2010-05-21 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 21:17 . 2010-05-21 03:40 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 21:14 . 2010-07-10 21:14 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 21:14 . 2010-05-21 03:32 -------- d-----w- c:\program files\DivX
2010-07-10 21:14 . 2010-07-10 21:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-10 21:14 . 2010-07-10 21:14 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 21:13 . 2010-07-10 21:13 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 21:10 . 2010-05-21 03:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 21:10 . 2010-05-21 03:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-10 18:06 . 2010-07-10 18:06 -------- d-----w- c:\program files\XfireXO
2010-07-10 18:06 . 2010-07-10 18:06 -------- d-----w- c:\program files\Conduit
2010-07-09 20:24 . 2010-07-09 20:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 20:24 . 2010-07-09 20:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 20:24 . 2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:24 . 2010-07-09 20:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 20:24 . 2010-07-09 20:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 20:24 . 2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 17:36 . 2010-07-08 17:36 -------- d-----w- c:\program files\The Learning Company
2010-07-08 16:56 . 2010-07-08 16:56 302 ----a-w- c:\windows\EReg515.dat
2010-07-08 16:55 . 2010-07-08 16:55 -------- d-----w- c:\program files\Disney Interactive
2010-07-07 20:52 . 2010-07-07 20:52 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Capcom
2010-07-07 17:46 . 2010-06-15 19:02 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:07 . 2010-06-28 20:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-28 19:45 . 2010-05-28 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 18:17 . 2010-04-21 19:01 -------- d-----w- c:\program files\BRS
2010-06-28 18:15 . 2010-06-28 18:15 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-28 18:15 . 2010-06-28 18:15 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-28 18:15 . 2010-06-28 18:15 -------- d-----w- c:\program files\OpenAL
2010-06-28 14:39 . 2010-03-25 06:24 -------- d-----w- c:\program files\Ubisoft
2010-06-24 19:37 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-24 12:22 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 21:35 . 2010-06-22 21:35 10134 ----a-r- c:\documents and settings\riesiecups\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-22 21:35 . 2010-06-22 21:35 -------- d-----w- c:\program files\Microsoft WSE
2010-06-22 21:17 . 2010-03-21 01:47 -------- d-----w- c:\program files\Ubi Soft
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 14:04 . 2010-06-21 14:04 -------- d-----w- c:\program files\Tightrope
2010-06-21 07:17 . 2010-02-08 23:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\program files\Yahoo!
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Yahoo!
2010-06-18 11:09 . 2010-06-18 02:34 -------- d-----w- c:\program files\Tomb Raider - Underworld
2010-06-17 17:13 . 2010-06-17 17:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xfire
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 18:39 . 2010-06-02 18:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-15 18:39 . 2010-06-02 18:14 -------- d-----w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-06-14 14:31 . 2010-01-27 23:16 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-03-31 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-02 18:14 . 2010-06-02 18:14 85504 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-02 08:55 . 2010-06-18 11:03 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55 . 2010-06-18 11:03 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55 . 2010-06-18 11:03 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 15:41 . 2010-06-18 11:03 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41 . 2010-06-18 11:03 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 15:41 . 2010-06-18 11:03 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41 . 2010-06-18 11:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41 . 2010-06-18 11:03 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 14:11 . 2010-05-21 03:07 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-12 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunMVSMyClean"="c:\windows\myclean.bat" [2009-08-19 306]

c:\documents and settings\riesiecups\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^riesiecups^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\riesiecups\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 21:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 23:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 22:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 18:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
the rest

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\terminator199417\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\terminator199417\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=

S1 230O4;230O4;\??\c:\windows\system32\drivers\230O4.sys --> c:\windows\system32\drivers\230O4.sys [?]
S1 TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6};TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6};c:\windows\system32\drivers\TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6}.sys [2/24/2010 10:43 AM 0]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uSearchAssistant =
IE: Free YouTube Download - c:\documents and settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppanda3d.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Uledeyesoguf - c:\windows\batigac.dll
HKCU-Run-henotcjd - c:\documents and settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
HKLM-Run-Bregedabenudaj - c:\windows\icakawas.dll
HKLM-Run-henotcjd - c:\documents and settings\riesiecups\Local Settings\Application Data\hgcyhmfuf\ynkqlfhshdw.exe
SafeBoot-230O4
SafeBoot-ARP1394
SafeBoot-TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6}
MSConfigStartUp-iYogiToolbar - c:\program files\iYogi SupportDock\iYogiSupportDock.exe
MSConfigStartUp-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
MSConfigStartUp-MVS Splash - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
MSConfigStartUp-Startup Manager - c:\program files\iYogi SupportDock\Optimize\startupmanager.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Arthur's Computer Adventure - c:\program files\The Learning Company\Arthur's Computer Adventure\uninstall.exe
AddRemove-Hunting Unlimited 2010_is1 - c:\program files\Games Of The Month\Hunting Unlimited 2010\unins001.exe
AddRemove-Little Bear(TM) Rainy Day Activities - c:\program files\The Learning Company\Little Bear(TM) Rainy Day Activities\uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Teach_Yourself_to_Play_Guitar_1.8 - c:\windows\iun506.exe
AddRemove-Tomb Raider: Underworld - c:\program files\Tomb Raider - Underworld\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 15:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,e9,b8,a0,bd,e9,a7,47,99,15,78,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,e9,b8,a0,bd,e9,a7,47,99,15,78,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(432)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-08-13 15:05:18
ComboFix-quarantined-files.txt 2010-08-13 19:05

Pre-Run: 44,394,897,408 bytes free
Post-Run: 47,550,382,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5148BEA4D49FCA43D6E585B1E784C36B
 
hijack this log

 
You posted the balance of the combofix log instead of the hijackthis log, please post a new hijackthis log. I will then post more instructions.
 
oops sorry about that

here ya go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:50 AM, on 8/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgupd.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264636152046
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10775 bytes
 
Please rerun HijackThis and place checks next to the following entries.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (file missing)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: McAfee SiteAdvisor Enterprise Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe (file missing)

Then click on Fix checked at the bottom.

Please download the McAfee removal tool and run it.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
230O4

File::
c:\windows\system32\drivers\230O4.sys 
c:\windows\Rjonov.dat
c:\windows\Ykuvijiwaw.bin

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
OK, I did the HijackThis step and the McAfee part, but I have a question about the ComboFix part: when I drag the CFScript file onto the ComboFix exe it warns me about running AVG, that it may cause computer damage. Is it OK to just run it? Or can I disable AVG?
 
Disable AVG by opening it up and clicking on the Tools menu, then Advanced Settings. When the page loads, click on Resident Shield on the left, and then on the right side of the page uncheck Enable Resident Shield. Just remember, when you are done running ComboFix, to go back in and recheck it.
 
OK, all done.

ComboFix 10-08-12.03 - riesiecups 08/14/2010 17:56:25.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.438 [GMT -4:00]
Running from: c:\documents and settings\riesiecups\Desktop\Combo-fix.exe
Command switches used :: c:\documents and settings\riesiecups\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::
"c:\windows\Rjonov.dat"
"c:\windows\system32\drivers\230O4.sys"
"c:\windows\Ykuvijiwaw.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Rjonov.dat
c:\windows\system32\Thumbs.db
c:\windows\Ykuvijiwaw.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_230O4
-------\Service_230O4


((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-14 14:17 . 2010-08-14 14:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-14 03:48 . 2010-08-14 03:48 -------- d-----w- c:\documents and settings\riesiecups\Application Data\AVG9
2010-08-13 19:38 . 2010-08-14 14:22 -------- d-----w- C:\$AVG
2010-08-13 19:38 . 2010-08-14 14:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-13 19:38 . 2010-08-14 14:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-13 19:38 . 2010-08-13 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-13 19:38 . 2010-08-14 14:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-08-13 19:38 . 2010-08-14 14:16 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-13 19:38 . 2010-08-14 14:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-13 19:37 . 2010-08-14 14:16 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-13 19:37 . 2010-08-14 14:16 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-08-13 19:37 . 2010-08-14 14:16 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-08-13 19:37 . 2010-08-13 19:37 -------- d-----w- c:\program files\AVG
2010-08-13 19:37 . 2010-08-13 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-13 18:54 . 2009-08-19 09:08 306 ----a-w- c:\windows\myClean.bat
2010-08-12 22:03 . 2010-08-12 22:03 -------- d-----w- c:\program files\Trend Micro
2010-08-11 23:57 . 2010-08-11 23:57 -------- d-----w- c:\windows\Garrysmod - NOSTEAM - FuzeRip
2010-08-10 23:29 . 2010-08-10 23:29 -------- d-----w- c:\documents and settings\riesiecups\Application Data\id Software
2010-08-10 23:28 . 2010-08-10 23:28 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-10 23:28 . 2010-08-10 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2010-08-09 03:44 . 2010-08-09 03:44 -------- d-----w- c:\documents and settings\riesiecups\Application Data\NVIDIA
2010-08-09 01:28 . 2010-08-09 01:28 -------- d-----w- c:\windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2010-08-09 01:22 . 2010-08-09 01:22 -------- d-----w- c:\program files\Common Files\BioWare
2010-08-09 00:29 . 2010-08-09 01:22 -------- d-----w- c:\program files\Mass Effect 2
2010-08-08 18:47 . 2010-08-08 18:47 -------- d-----w- c:\documents and settings\riesiecups\Local Settings\Application Data\jagexlauncher
2010-08-06 20:31 . 2010-03-24 20:57 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-08-06 20:31 . 2010-03-24 20:56 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-08-06 19:45 . 2008-07-10 15:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-08-06 19:27 . 2010-08-06 19:27 -------- d-----w- c:\program files\ijji
2010-08-06 19:05 . 2010-08-06 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2010-08-05 15:21 . 2010-08-13 21:47 -------- d-----w- c:\program files\REACTOR
2010-08-04 16:11 . 2010-08-04 16:11 -------- d-----w- c:\program files\Capcom
2010-08-03 00:20 . 2010-08-03 00:20 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Disney Interactive Studios
2010-08-03 00:06 . 2010-08-03 00:06 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\documents and settings\riesiecups\Application Data\IconTweaker
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-08-02 04:04 . 2010-08-02 04:04 -------- d-----w- c:\program files\IconTweaker
2010-08-02 03:18 . 2010-08-02 03:36 -------- d-----w- c:\program files\iColorFolder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 22:08 . 2010-01-29 03:23 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Xfire
2010-08-14 22:07 . 2010-05-12 01:52 -------- d-----w- c:\program files\Steam
2010-08-14 22:05 . 2010-05-01 20:29 -------- d-----w- c:\documents and settings\riesiecups\Application Data\uTorrent
2010-08-14 14:18 . 2010-01-28 01:58 39296 ----a-w- c:\documents and settings\riesiecups\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 14:05 . 2010-02-10 21:15 -------- d-----w- c:\program files\Google
2010-08-13 19:38 . 2010-08-14 14:09 875288 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-08-13 19:38 . 2010-08-14 14:09 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-08-13 19:38 . 2010-08-14 14:09 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-08-13 19:38 . 2010-08-14 14:09 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-08-12 02:06 . 2010-05-01 20:30 -------- d-----w- c:\program files\uTorrent
2010-08-11 20:17 . 2010-05-26 00:19 -------- d-----w- c:\documents and settings\riesiecups\Application Data\TS3Client
2010-08-11 19:58 . 2010-05-26 00:07 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-08-11 02:29 . 2010-08-11 02:23 478344 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2010-08-11 02:23 . 2010-08-11 02:23 388232 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2010-08-11 02:23 . 2010-08-11 02:22 187528 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2010-08-11 02:22 . 2010-08-11 02:22 57344 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\pb\pbag.dll
2010-08-11 02:22 . 2010-08-11 02:22 887448 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\pb\pbcl.dll
2010-08-11 02:22 . 2010-08-11 02:22 2600072 ----a-w- c:\documents and settings\riesiecups\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2010-08-10 23:29 . 2010-01-28 00:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\documents and settings\riesiecups\Application Data\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 138056 ----a-w- c:\documents and settings\riesiecups\Application Data\PnkBstrK.sys
2010-08-10 15:39 . 2010-01-28 00:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-10 15:39 . 2010-02-20 03:40 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-09 02:06 . 2010-05-04 23:59 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-09 01:28 . 2010-01-27 23:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-08 18:47 . 2010-08-08 18:47 33982 ----a-r- c:\documents and settings\riesiecups\Application Data\Microsoft\Installer\{8EE72D39-DE32-4069-9E72-C1974546EFDD}\runescape.exe
2010-08-07 01:28 . 2010-02-17 18:49 99 ----a-w- c:\documents and settings\riesiecups\jagex_runescape_preferences2.dat
2010-08-07 00:26 . 2010-02-17 18:47 46 ----a-w- c:\documents and settings\riesiecups\jagex_runescape_preferences.dat
2010-08-06 21:03 . 2010-01-28 00:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 19:53 . 2010-01-27 23:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-06 19:51 . 2010-06-15 19:02 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-06 19:51 . 2010-06-15 19:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-06 19:51 . 2010-06-15 19:02 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-05 14:51 . 2010-06-22 21:24 -------- d-----w- c:\program files\Electronic Arts
2010-08-04 21:17 . 2010-02-19 20:54 -------- d-----w- c:\documents and settings\riesiecups\Application Data\LimeWire
2010-08-04 20:48 . 2010-06-06 19:27 -------- d-----w- c:\documents and settings\riesiecups\Application Data\High Quality Youtube Downloader
2010-08-02 18:02 . 2010-06-06 19:30 -------- d-----w- c:\program files\Youtube Downloader HD
2010-08-02 18:02 . 2010-06-21 14:04 -------- d-----w- c:\program files\Atrinsic
2010-08-02 17:23 . 2003-03-31 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-08-02 15:31 . 2010-08-02 15:31 629896 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2010-08-02 15:24 . 2010-08-02 15:24 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2010-07-30 02:08 . 2010-01-29 03:23 -------- d-----w- c:\program files\Xfire
2010-07-18 01:59 . 2010-05-17 03:40 -------- d-----w- c:\program files\DoremiSoft
2010-07-18 01:58 . 2010-04-21 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2010-07-10 21:17 . 2010-05-21 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 21:17 . 2010-05-21 03:40 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 21:14 . 2010-07-10 21:14 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 21:14 . 2010-05-21 03:32 -------- d-----w- c:\program files\DivX
2010-07-10 21:14 . 2010-07-10 21:14 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-10 21:14 . 2010-07-10 21:14 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 21:13 . 2010-07-10 21:13 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 21:10 . 2010-05-21 03:38 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 21:10 . 2010-05-21 03:38 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-10 18:06 . 2010-07-10 18:06 -------- d-----w- c:\program files\XfireXO
2010-07-10 18:06 . 2010-07-10 18:06 -------- d-----w- c:\program files\Conduit
2010-07-09 20:24 . 2010-07-09 20:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 20:24 . 2010-07-09 20:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 20:24 . 2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:24 . 2010-07-09 20:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 20:24 . 2010-07-09 20:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 20:24 . 2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 17:36 . 2010-07-08 17:36 -------- d-----w- c:\program files\The Learning Company
2010-07-08 16:56 . 2010-07-08 16:56 302 ----a-w- c:\windows\EReg515.dat
2010-07-08 16:55 . 2010-07-08 16:55 -------- d-----w- c:\program files\Disney Interactive
2010-07-07 20:52 . 2010-07-07 20:52 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Capcom
2010-07-07 17:46 . 2010-06-15 19:02 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-07-06 17:58 . 2010-08-10 15:07 1328504 ----a-w- c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-07-06 17:58 . 2010-08-10 15:07 724992 ----a-w- c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 20:07 . 2010-06-28 20:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-28 20:06 . 2010-06-28 20:06 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-28 19:45 . 2010-05-28 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 18:17 . 2010-04-21 19:01 -------- d-----w- c:\program files\BRS
2010-06-28 18:15 . 2010-06-28 18:15 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-28 18:15 . 2010-06-28 18:15 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-28 18:15 . 2010-06-28 18:15 -------- d-----w- c:\program files\OpenAL
2010-06-28 14:39 . 2010-03-25 06:24 -------- d-----w- c:\program files\Ubisoft
2010-06-24 19:37 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-24 12:22 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 21:35 . 2010-06-22 21:35 10134 ----a-r- c:\documents and settings\riesiecups\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-22 21:35 . 2010-06-22 21:35 -------- d-----w- c:\program files\Microsoft WSE
2010-06-22 21:17 . 2010-03-21 01:47 -------- d-----w- c:\program files\Ubi Soft
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 14:04 . 2010-06-21 14:04 -------- d-----w- c:\program files\Tightrope
2010-06-21 07:17 . 2010-02-08 23:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\program files\Yahoo!
2010-06-20 23:01 . 2010-06-20 23:01 -------- d-----w- c:\documents and settings\riesiecups\Application Data\Yahoo!
2010-06-18 11:09 . 2010-06-18 02:34 -------- d-----w- c:\program files\Tomb Raider - Underworld
2010-06-17 17:13 . 2010-06-17 17:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xfire
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-06-15 18:39 . 2010-06-15 18:39 290816 ----a-w- c:\documents and settings\riesiecups\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-06-13 23:10 2734688 ----a-w- c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 16:28 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1115392]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-05-12 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-14 2065760]

c:\documents and settings\riesiecups\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-14 14:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^riesiecups^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\riesiecups\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 21:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 23:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 22:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 18:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\terminator199417\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\terminator199417\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [8/13/2010 3:38 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/13/2010 3:38 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/13/2010 3:37 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/13/2010 3:38 PM 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8/14/2010 10:16 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/14/2010 10:17 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [8/14/2010 10:16 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/14/2010 10:17 AM 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/13/2010 3:37 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [8/13/2010 3:37 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [8/13/2010 3:37 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [8/13/2010 3:37 PM 26192]
S1 TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6};TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6};c:\windows\system32\drivers\TCPIP_{5E950305-E739-45E5-90A8-99D8D20CC0D6}.sys [2/24/2010 10:43 AM 0]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/13/2010 3:37 PM 30104]
S4 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant =
IE: Free YouTube Download - c:\documents and settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\riesiecups\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\riesiecups\Application Data\Mozilla\Firefox\Profiles\enlpt9ek.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppanda3d.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
the rest

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 18:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,e9,b8,a0,bd,e9,a7,47,99,15,78,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,e9,b8,a0,bd,e9,a7,47,99,15,78,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-08-14 18:14:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 22:14
ComboFix2.txt 2010-08-13 19:05

Pre-Run: 44,887,322,624 bytes free
Post-Run: 44,732,248,064 bytes free

- - End Of File - - A8EBBB3626D6176ECEE5F49D0ADCC49E
 
How is your system running now? If you haven't downloaded and run CCleaner yet, I highly recommend you do it.

http://download.cnet.com/ccleaner/

Set the options to the ones that are checked in the attached image and click on Run Cleaner.
 

Attachments

  • ccleaner.JPG (76.3 KB)
I think it's running better after all that! Yes, someone recommended that to me; I will download it. And thanks for all your help and the settings, I really appreciate it!